Search squid archive

Re: Problems with transparancy and pf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 2011-03-29 12:26, Indunil Jayasooriya wrote:

On Tue, Mar 29, 2011 at 3:32 PM, Leslie Jensen<leslie@xxxxxxx>  wrote:
Hello list.

I've used squid together with pf for a while on a Freebsd 7.2-RELEASE
machine.


I've now installed Freebsd 8.2-RELEASE on new hardware and I'm using my
config from the 7.2 machine.

My problem is that squid is not working with transparency. The browser
traffic goes directly to the Internet.

Setting proxy in the browser works, so I believe squid is ok.

My question is about which build options I must use?

I've used the following:
SQUID_KERB_AUTH                 X       (ON)
SQUID_NIS_AUTH                  X       (ON)
SQUID_IPV6      (Default)       X       (ON)

SQUID_DELAY_POOLS               X       (ON)
SQUID_SNMP                      X       (ON)
SQUID_HTCP (CARP?)              X       (ON)
SQUID_WCCP                      X       (ON)
SQUID_IDENT                             (OFF)
SQUID_IPFW                      X       (ON)
SQUID_PF                        X       (ON)
SQUID_AUFS (Default)            X       (ON)
SQUID_KQUEUE                    X       (ON)

Then I found this
https://wiki.andrewmercer.net/index.php/Squid_-_Transparent_Proxy

Where he suggests that even
SQUID_IPFILTER                  X       (ON)

Should be activated.

I recompiled Squid3.1 with the above and now I get an error which I can
understand because I do not have IPFilter installed/active.

____________________________________

2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:43| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
2011/03/29 11:14:44| IpIntercept.cc(250) IpfInterception: NAT open failed:
(2) No such file or directory
_____________________________________

So when only pf is used, must I compile squid with IPFILTER and IPFW ?

Thanks

/Leslie


  Pls see below Urls


  http://forums.freebsd.org/showthread.php?t=16917

  http://forums.freebsd.org/showthread.php?t=14889


  http://forums.freebsd.org/showthread.php?t=10874



Thank you!

I've seen those links and they suggest compiling with PF and IPFW.

But as I wrote it does not work so I'm wondering if IPFILTER should be used. If not I'm back on square one.

As you can see below I have used more options and maybe it is to much.

squid -v
Squid Cache: Version 3.1.11
configure options: '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--disable-translation' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB squid_radius_auth YP' '--enable-digest-auth-helpers=password' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-ntlm-auth-helpers=smb_lm' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs diskd aufs' '--enable-disk-io=AIO Blocking DiskDaemon DiskThreads' '--enable-delay-pools' '--enable-ipfw-transparent' '--enable-pf-transparent' '--enable-ipf-transparent' '--disable-ecap' '--disable-loadable-modules' '--enable-kqueue' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=amd64-portbld-freebsd8.2' 'build_alias=amd64-portbld-freebsd8.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -fno-strict-aliasing' 'CPP=cpp' --with-squid=/usr/ports/www/squid31/work/squid-3.1.11 --enable-ltdl-convenience

Do you have any suggestions?

/Leslie



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux